UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US

Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he was "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.

What's what!?

[Dutchmaan]

He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

Re:What's what!?

He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.

Re:What's what!?

[iced_773]

Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...

Re:What's what!?

[the_skywise]

I wonder if he played the Kronos slot machine while he was in Vegas. :p

Re:What's what!?

[fibonacci8]

I doesn't beg the question. Post hoc ergo propter hoc. Suspicion alone falls under unreasonable search and seizure. I hope those detaining Hutchins have a proper warrant for their actions against him. If they do not, I sincerely desire to see them dragged through court causing inconvenience in proportion with what they've caused him.

Re:What's what!?

[PPH]

WannaCry was built on top of an NSA exploit that had been leaked. A part of that NSA package was the kill switch that Hutchins discovered and published. He may have had nothing to do with WannaCry's development or propagation. But he caused a TLA to lose one of it's fun toys. And for that, he will be punished.

When agencies get this far out of control, it's time to shut them down.

Re:What's what!?

[TechyImmigrant]

He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.

No question was begged. It raises the question. Begging the question is something else entirely. https://en.wikipedia.org/wiki/...

Re:What's what!?

The FBI wanted to forcibly offer him some saffron cake and coffee for his actions.

Re:What's what!?

[iced_773]

I'd like to see the actual indictment

Aaaaand here it is.

Re:What's what!?

Here ya go:

https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html

Re:What's what!?

[I'm+New+Around+Here]

Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

Re:What's what!?

[I'm+New+Around+Here]

As I replied above, and many times before,

Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

Re:What's what!?

Interesting that shibboleth has managed to retain its meaning for over 3000 years.

Re:What's what!?

[azcoyote]

Good point. (Where's my mod points when I need them?)

Re:What's what!?

Exactly. This is Trump's fault. He ordered his NSA to build that horrific thing and now this poor kid is getting blamed for what Trump did. As usual, Trump is destroying lives.

Re: What's what!?

Reading about all of these horrible things Trump is doing just makes me want to die.

Re:What's what!?

Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...

Oh.. I thought you meant the other - like Kronos.com - that's even more wretched than PC malware.

Re:What's what!?

You are simply invoking this shibboleth to try to make yourself look smarter, but you posted this AC so it doesn't matter.

That is begging the question.

If a person does A to make themselves look smarter, why would they conceal themselves?

Methinks someone with a four digit UID in this thread feels their ego is under attack.

Re: What's what!?

Are you guys retarded? This shit was orchestrated years ago under the Obama administration.

Re: What's what!?

I'm sure that was his plan all along.

Re:What's what!?

This is dumb and wrong. The NSA didn't create the malware, nor the kill switch within it.

What the NSA did that is relevant to the issue being discussed is to know about the Windows SMBv1 vulnerability and not tell Microsoft, and created an exploit to use the vulnerability. The SMBv1 exploit is simply a tool used by the malware, and the malware itself was coded to have a kill switch, separate parts.

If the NSA had disclosed the vulnerability after finding it, we probably wouldn't have had the WCry malware outbreak, because patches would have been out a lot sooner to plug the hole.

Re:What's what!?

[spun]

Hardly. I used to be like you, but then i learned about the difference between descriptivism and prescriptivism and decided it just wasn't worth it to keep harping on the "begging the question" thing.

Re:What's what!?

Like I could care less...

I could, but I responded instead.

Re:What's what!?

[gnick]

No question was begged.

When I see somebody use the phrase, "begs the question," I mentally substitute "begets the question." It settles my inner pedant.

Re:What's what!?

No, it begs the question. The thing that you types forget is that language is a living construct. Its purpose is to facilitate communication. If two people use language and they successfully communicate with it, then the language is being used correctly. As such, it's not some sculpture carved in stone, forever unchanging. It constantly evolves. At one point in time, your meaning was correct, but if you were to use it in your perceived "proper" way, most of the population would be confused, thus causing language to fail to communicate, thus indicating you used it incorrectly. You can go on and on all you want that everyone else is wrong, but at some point you'll grow up and learn that no, you're wrong. You're the one failing to communicate, not everybody else. Language is ruled by the vernacular. "Literally" can now mean "figuratively" and that's just how language works, deal with it.

Re:What's what!?

[thygate]

mod parent up, GP is BS

Re:What's what!?

[EETech1]

Looking at the Care-O-Meter..

That means you do care...
At least a little...

Gotta love Weird Al:)
https://youtu.be/8Gv0H-vPoDc

I know your joking, just plugging Weird Al.

Re: What's what!?

[desdinova+216]

I thought it was during the Bush Administration

Re:What's what!?

[sexconker]

By whom? You and you alone?

Re: What's what!?

Another victim of the God Emperor!

Re:What's what!?

Language changes over time, and no amount of whining by pseudo intellectuals will ever change that.

The gradual corruption of language by semi-literate fuckwits like yourself is the reason that it takes a Ph.D to understand words that were written or spoken less than 1000 years ago.

We understand that you have low standards, poor education, and low-to-moderate intelligence. There is no need to reinforce those facts.

Re:What's what!?

[no-body]

I'd like to see the actual indictment

Aaaaand here it is.

OK - looks he has some past and that's catching up with him now - bummer or ??? at least, he seemed to do some good on this WannaCry remedy.
Who knows...

Re:What's what!?

[spun]

Oh gramps, you so silly. Descriptivism is dead, long live prescriptivism. Language is not, nor should it be, static. Stasis is for losers who are too old to live with the fact that everything changes. Get with the times, old man. Or don't, you'll be dead soon enough anyhow.

Re:What's what!?

[Baloroth]

A part of that NSA package was the kill switch that Hutchins discovered and published.

This is utterly, totally, and completely wrong. The kill-switch had nothing to do with the exploit or NSA at all. It was implemented separately by the malware developers, likely as a check if the system was a sandbox.

But he caused a TLA to lose one of it's fun toys. And for that, he will be punished.

No, he didn't. This is also totally and completely wrong. The EternalBlue exploit used by Wannacry was leaked a month before Wannacry came out by a group (presumably) entirely unrelated to Marcus, and even that didn't really effect the NSA, as MS had fixed the big a month before that.

There's plenty of bad things the NSA has done to criticize, you don't need to create outright lies about them.

Re:What's what!?

English is not a dead language. Words and phrases can and do change meanings over time. When most people use a phrase like "begs the question" in a particular way, that becomes the correct meaning.

Being pedantic does not change the facts or make you look intelligent.

Re:What's what!?

[PPH]

This is dumb and wrong. The NSA didn't create the malware,

https://en.wikipedia.org/wiki/EternalBlue

There's a theory that the kill switch was built into WannaCry to prevent it from being run in a sandbox environment. It checks for a non-existent URL and refuses to run if it gets a reply, figuring that the sandbox will reply to anything. But that is pretty simple-minded. It is trivially easy to get a decent sandbox to reply (or not) correctly based on actual DNS data. What viruses do (even scrip kiddie stuff) is to look for a correct response from a command and control network. And refuse to run (and be inspected) if a server replies but incorrectly.

It's more likely that the dummy URL was created to keep EternalBlue payloads from propagating within 'friendly' environments like government and contractor intranets. Just load the URL into the DNS cache inside your firewall and your network is safe.

Re:What's what!?

[TechyImmigrant]

>Being pedantic does not change the facts or make you look intelligent.

Or even being pernickety.

Re:What's what!?

That was the point. You were so attached to the Care-O-Meter, you ignored the Irony-O-Meter.

Re:What's what!?

Like I could care less...

I see what you did there.

Re:What's what!?

Answers like these don't make you sound intelligent either, and also verge on pedantry, thanks to their use as excuses by those with terrible spelling and grammar skills.

Re:What's what!?

Again - you're not correctly differentiating between the Eternal Blue, and WannaCry.
The kill switch is part of wannacry, thus the NSA had no part in it. No one puts kill switches in exploits - that's stupid.
I feel like I shouldn't need to have to explain this here, but whatever: exploits are the code to get other code (in this case WannaCry) into the system. What happens on the system (including checking for kill switches) is all the payload code (WannaCry).

Re:What's what!?

The people who spread it in the first place arrested him and now have physical access to his devices in order to do whatever the hell they want to logs and drive contents alike.

You do the math.

Re:What's what!?

Because he was going to the Def Con hacking conference?

Re:What's what!?

no it doesn't, it just becomes a common misconception, like the US having an education system

Re:What's what!?

A two-year investigation culminating in a grand-jury handing down 6 counts for prosecution?

That is a lot more than suspicion. That is the US attorney convincing a grand-jury that there was enough evidence to warrant a full trial to evaluate the merits of six different charges.

Re:What's what!?

[PPH]

No one puts kill switches in exploits - that's stupid.

No, its not. You might not want the exploit to propagate the payload in certain environments. Like within your government or contractors' intranets. So you give them a domain name that they can resolve to something. That way, when an infected system (laptop, USB stick, etc.) is inadvertently brought to work, it won't spread.

Re:What's what!?

[russotto]

That is a lot more than suspicion. That is the US attorney convincing a grand-jury that there was enough evidence to warrant a full trial to evaluate the merits of six different charges.

That's pretty much nothing, given the maxim that a grand jury will indict a ham sandwich if the prosecution wants them to.

Re:What's what!?

[Dread_ed]

More like the government that secretly created and distributed WannaCry is looking for retribution against the person who stopped its spread.

Vindictive bastards they are. Wouldn't put it past them.

Re: What's what!?

Actually no. Literally never means figuratively.
Using 'literally' to mean figuratively is literally a form of ironic hyperboule. The word 'literally' has not however gained a new meaning,

Re:What's what!?

[dbIII]

It's kind of a bit odd though that the guy who stopped "Wannacry" is the only one involved in the entire thing from NSA to in the wild who has been arrested, especially given things like the situation where the "Stratfor" hack was carried out by one of the FBI's tame hackers/informants who is still wandering around free.
I think it's looking more likely that this guy got in the way of someone's agenda at the FBI by limiting the damage of "Wannacry" and thus ruining a chance for extra "cybersecurity" funding.
It will probably take years before we know either way.

Re:What's what!?

[dbIII]

It doesn't have to be that sinister to still have vindictive bastards.
No matter where "Wannacry" came from a massive spread of it would have resulted in lots of lovely "cybersecurity" money getting sent in the direction of the FBI and others. This guy got in the way of someone's empire building. Whether they acted and laid a false charge or took a close look and found something real is the question now IMHO.

Re:What's what!?

[thegarbz]

Based on your own citation he did beg the question. Scroll down to the section "Modern Usage".

Re:What's what!?

[aiht]

Descriptivism is dead... Language is not, nor should it be, static.

Call me a prescriptivist, but I think the way you redefined the two terms 'descriptivism' and 'prescriptivism' to mean each other is bound to cause confusion and should be proscribed.



In other news, I have now looked at words containing 'ivi' for long enough that all I can see is Roman numerals.

Re:What's what!?

[geekymachoman]

> When agencies get this far out of control, it's time to shut them down.

Right. They haven't even started yet.
What you going to do, write a letter ?

Re:What's what!?

...and this, folks, is why you do the Bright Thing and setup a Secure VIDEOCONFERENCE (like Snowden) instead of coming to the US...

Re:What's what!?

Genuine question: where do you consider the laws more conducive to security research? Most favorable?

Re:What's what!?

Wikipedia is not the arbiter of the English language. As a living language with no centralised authority, its users are. The GP's usage was the standard colloquial usage of the term, and is therefore correct.

Re:What's what!?

"...actually been "mute"..."

You Moron, a Moot Question or Moot Point has the same root meaning as a Moot Court, that is a Court intended for having a discussion, and Moot in this case is very old and means the same as a Meeting or a Meet. From Proto-Germanic Motan: Meeting.
Mute comes from the Latin Mutus, and has exactly the same meaning- incapable of speech.
In ways they are quite the opposite in meaning, although staying mute during an Entmoot is the best course of action when you don't actually have something worthy to contribute. Like you.

Re:What's what!?

"A two-year investigation culminating in a grand-jury handing down 6 counts for prosecution?"

I think that more to the point is that the Grand Jury met in East Bumfuck Wisconsin to deliberate and deliver the Indictments just in the nick of time, after supposedly two years of investigation. What the hell do people known mostly for cheese, fish and mosquitoes know about Malware?
Judge and Jury Shopping, anybody? And who is Mr. Redacted?

Re:What's what!?

[Antique+Geekmeister]

Who is the "blacked out" defendant in that indictment? Why is their name blacked out?

It makes me wonder if the other defendant is a juvenile. I'm afraid it's not uncommon for the FBI to arrest a "small fish", to try to get them to turn in a "big fish" for leniency in sentencing. It was very common in their work against, and far too often with and for, organized crime. It's led to them protecting and even supporting smaller criminals in the hope of prosecuting "kingpins", and led to their sheltering of Kevin Mitnick while he continued to commit computer hacking crimes until he fled and had to be tracked down by a far more skilled hacker.

I'm also sad to say that I've seen no constructive computer crime work by the FBI in the last decade. A great deal of smaller scale computer crime is directly referred to them and is never investigated or prosecuted. Cases with political implications, such as the Aaron Swartz attacks on JSTOR and Hillary Clinton's private email server, have been botched beyond belief.

Re:What's what!?

[Antique+Geekmeister]

> The kill switch is part of wannacry, thus the NSA had no part in it. No one puts kill switches in exploits - that's stupid.

From my personal security work, _of course_ one puts in a kill switch. The ability to disable malware to avoid detection, and re-activate it when the payload needs delivery, is fundamental to many DDOS attacks. Dormancy is a vital aspect of avoiding detection.

Re:What's what!?

[parkinglot777]

Who is the "blacked out" defendant in that indictment? Why is their name blacked out?

It makes me wonder if the other defendant is a juvenile...

It is call "redact" version where certain information needs to remain secret until it is the right time to release to public (or when all actors are indict). Thus the person doesn't need to be a juvenile but rather be kept as secret for now for some reasons. You shouldn't be over thinking yet when you don't really have enough information.

Re:What's what!?

[Kadin2048]

That doesn't make any sense and has no basis in fact.

There are enough legitimate issues with the FBI / CIA and their handling of cybersecurity issues that creating conspiracy-theory narratives is both unnecessary and counterproductive. Frankly it just muddies the waters on the real issues.

Re:What's what!?

Pedantic much?

Re:What's what!?

It must be a huge evil conspiracy because there's no way some goofy SJW twat could be a common thief.

Re: What's what!?

So in that case, it is perfectly acceptable now to confuse your and you're, or to swap their, there and they're simply because it has become common for illiterate people on the internet to spell them incorrectly? Because "English is a living language?"

Re: What's what!?

It's a bit odd that someone who works with viruses and trojans might have something to do with authoring one? Really?

Re:What's what!?

[PlaynBass]

I believe the term you intended to use is moot, yet another oft-misused English word so commonly butchered these days...

/rant Has anyone else noticed the horrible lack of proof-reading skills exhibited by those who type in the captions and screen crawls for our so-called news shows? It seems that in our hi-tech world, simple rules of spelling and grammar have been ignored in the rush to "breaking news". /end rant

Re: What's what!?

So when most people call coloured persons "n#ggers" or Jews "k#kes" it becomes acceptable? Think again. Oh, and f#ck /. censorship. What a bunch of hypocrites, paying lip service to the ideals of freedom of speech and then doing crap like this. Shame on you. Typical nerd cowards.

Re:What's what!?

[Antique+Geekmeister]

Who redacted it? And why? Those are important questions..As an interested member of the public, I may disagree with the reason that it "needs to remain secret". From observation, courts operate best when they are completely public. I'm also concerned that "you shouldn't be over thinking" is often a very dangerous policy.

I'm also forced to see this case in terms of FBI history. The FBI has a long history of "turning" witnesses and granting clemency or even prosecutorial immunity for helping turn in the "big fish". Innocent people have repeatedly been convicted of crimes because of this practice, especially defendants who don't have the money or social resources to resist a prosecutor with fraudulent testimony. Worse, such testimony used to indict a second defendant may be "intepreted" or entirely concocted by the FBI agant. The FBI still refuses to electronically record the conversations they have with witnesses during the investigation, relying on the Form 302 submitted by an agent after the interview. This practice is described at https://en.wikipedia.org/wiki/.... And I'm afraid it _begs_ for fraud.

Re:What's what!?

[TechyImmigrant]

Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

However, it's not some obscure corner of the English language. It's taught in school, by English teachers, to children. They learn and remember these things that add the semantics to the words they hear and say. The various types of logical argument and logical fallacy are taught. These things were even taught in school in the crappy mining and steel-works shithole that I grew up in.

It's not hard. It's not inaccessible information. It's not like it doesn't get pointed out most times that people screw it up. This is because most people know how it works and it sounds very wrong to people when it's used wrongly. Just like conjugating wrong or engaging in Yoda speech. I'm happy that people like to boldly split infinitives. English accommodates that. It doesn't accommodate sentences of the form . It sounds ridiculous.

Re:What's what!?

[BrianMahoney1357]

More broadly, 'why anyone...would be stupid enough to travel to the US.' If common sense doesn't change the way things are, maybe the loss of tourist dollars will. Same for Mexico and dozens of other countries around the world.

get your big fake ass titties out of here

The 3 WannaCry addresses used that held the Bitcoin from this exploit have been drained:

https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

For those who don't understand what that means:

The ransomware listed 1 of 3 Bitcoin addresses on the screen and told the victims to send Bitcoin there if they want their stuff back.
Forgetting the details of how that would work (protip: It didn't and was never meant to) these 3 addresses slowly built up as more and more people sent Bitcoin to them in hopes of recovering their files.

They have remained built up on these addresses until today.

Re:get your big fake ass titties out of here

[queazocotal]

total sum?

Re:get your big fake ass titties out of here

[TechyImmigrant]

The 3 WannaCry addresses used that held the Bitcoin from this exploit have been drained

They have remained built up on these addresses until today.

So which is it? They've been drained or they remain built up?

Re:get your big fake ass titties out of here

[Kaenneth]

"Until Today"

Re:get your big fake ass titties out of here

About 150,000$

Re:get your big fake ass titties out of here

Do you not know how to read?

The bitcoins were taken out today. They were accumulating until they were drained, which happened today. Would you like me to draw you a picture in crayons? Maybe get some puppets here to explain?

Re:get your big fake ass titties out of here

[TechyImmigrant]

>Do you not know how to read?

I do, The ambiguity in the second sentence was clear to me.

The built-up-ness did not remain at all, yet you said it did, You said it remained built up and left it to the reader to discern whether 'until today' means "It's still remaining built up today" or "the built-up-ness ceased today".

Disambiguation for the Nation! Now!

Re:get your big fake ass titties out of here

[Cederic]

While the second sentence allows a level of ambiguity that many readers may not even spot, when taken in context of the first sentence it becomes very clear and any ambiguity can only result from deliberate misinterpretation.

Re:get your big fake ass titties out of here

The original statement was grammatically incorrect, and he decided to be "clever" about..

TechyImmigrant needs a dickpunch, not a clarification.

Re:get your big fake ass titties out of here

Really? Damn... I think they caused a few billion in damages!

Re:get your big fake ass titties out of here

[Obfuscant]

While the second sentence allows a level of ambiguity that many readers may not even spot,

I don't spot it. "Remained ... until today ...". "Remained is past tense. "Doesn't remain anymore." Had the sentence been "remains ... until today", then there is still no ambiguity. Current tense means it still remains.

Re:get your big fake ass titties out of here

[Cederic]

Well, I was being generous about it.

No good deed goes unpunished

[fiannaFailMan]

EOM

Re:No good deed goes unpunished

[Kadin2048]

I think it's more like "one good deed today doesn't get you off the hook for the bad deed you did last week".

In other words, if you're a blackhat who happens to take down another blackhat, that doesn't buy you a get-out-of-jail-free card that you can play when other things you may have done in the past surface.

Or at least, not to an extent that stops you from getting indicted. It might play pretty well in court if the whole thing actually goes to trial, I'd imagine. Can't hurt anyway.

What happens in Vegas

[jfdavis668]

stays in Vegas

Re:What happens in Vegas

Except herpes, that follows you everywhere....

Re:What happens in Vegas

[hattable]

One night with Venus...

Loss of revenue

[lsllll]

Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?

Re:Loss of revenue

You're right in a sense, but for real-scotsman defcon types you know the "game" starts well before you get to the airport, right?

If you can't get past Federal Marshals, maybe you don't belong at defcon? :-o

Re:Loss of revenue

[TechyImmigrant]

Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?

This is becoming necessary. Similarly for more academic crypto conferences. They split their locations evenly between Europe, Asia and the US which in addition to sharing the travel pain, allows people to avoid countries that might try to prosecute them for being a security researcher. DefCon and BlackHat need to move about so they can be available to researcher that would otherwise be unable to travel there.

Re:Loss of revenue

[volodymyrbiryuk]

I heard Switzerland is lovely this time of year.

Re:Loss of revenue

[gatkinso]

So we are supposed to let wanted criminals walk to keep a shitty conference in Vegas?

Defcon really sucked this year - it seems to have jumped the shark awhile ago.

Re:Loss of revenue

Defcon really sucked this year - it seems to have jumped the shark awhile ago.

You know what really jumped the shark a while ago? That "jumped the shark" phrase.

Re:Loss of revenue

Doing shit like this means we won't have DefCon in the U.S. any longer.

And nothing of value will be lost.

Re:Loss of revenue

[John.Banister]

So, would Toronto work, or do all the Five Eyes countries need to be avoided? The Adelaide Hotel in Toronto might enjoy hosting a conference like this one.

Re:Loss of revenue

[Kobun]

Switzerland is lovely throughout the year.

Re:Loss of revenue

Depends, do you want to be arrested in the comfort of your own country, or someone else's?

Re:Loss of revenue

Fonzie? is that you?

Re:Loss of revenue

I've been to DefCon (and have a neckstrap to prove it). Mostly a bunch of losers all dressed up to look like they walked off the set of The Matrix IMO.

I did attend one interesting conference on Ethernet. Interesting for me at least because I was designing some Ethernet hardware/software/microcode at the time. It was largely empty and filled with a bunch of old boring looking guys (no makeup).

Re:Loss of revenue

What about DEFCON sucked this year?

Re:Loss of revenue

Basically any country with an extradition treaty with the U.S.

Re:Loss of revenue

[aberglas]

They are no longer hacker conferences.

They are business conferences that compete with RSA security. The Hacker element is just a bit of tinsel.

And the corporate customers and IT companies are in the US.

Re:Loss of revenue

[Zemran]

Everything needs to get out of the US not just DefCon. Even the UN end up having important people refused entry and how about that robotics competition when the girls from Afghanistan who should have been encouraged where refused entry. The US is the worst country in the world for just about anything.

Re:Loss of revenue

[Kadin2048]

I doubt this has been lost on the DefCon organizers. Presumably they think that they'd lose more attendance by moving to Europe than by having people who can't safely travel to the US just not come, or attend/present via videoconference or something. And I suspect that's probably true -- very few people (in my experience) go to DefCon or similar conferences on their own dime; you go on your employer's money. And getting your employer to comp you a few hundred bucks for a flight to Vegas and a shitty hotel room (Vegas hotel rooms are notoriously cheap) is a heck of a lot easier than getting a company to cough up for a transatlantic ticket, hotel in Europe, etc. As long as the majority of the attendees are in the US, this is where the conferences are going to be.

But coming here if you're involved in cybercrime is probably, uh, not a very smart idea. That Hutchins came at all suggests to me that he didn't know that the FBI was onto his alleged previous (pre-Wannacry) activities; the alternative is that he's dumb, and he doesn't seem dumb. (Though a fair number of very smart people are also arrogant and don't give other people credit for being able to figure things out, so that's also an option, I suppose.)

There is a legitimate question as to whether there should be some sort of cyber amnesty program, though, given the number of mostly-legitimate "security researchers" who have shady backgrounds but seem to have moved on from them. I've got some mixed feelings on that. On one hand, getting blackhats and their knowledge out into the open so vulns can be remediated and the network in general made more robust is a Good Thing. But I don't know if it outweighs the message it would send, which is that you can basically play Computer Mafioso when you're young and then retire to a nice, secure, respectable position as "security researcher" without the threat of your prior activities coming back to bite you. That's not really how things work in the non-IT world; if you spend your 20s working for the Mob, and then retire to a respectable profession, that respectability is unlikely to protect you from getting a knock on your door sometime later, depending on the statue of limitations, for stuff you did earlier. Might make a judge or jury go easier on you, but it's not an ironclad defense.

What was he arrested for?

... no one seems to know.

So it's all very preliminary.

Soon enough he'll appear in front of a judge to be charged and/or a bail hearing.

Re:What was he arrested for?

[almitydave]

... no one seems to know.

So it's all very preliminary.

Soon enough he'll appear in front of a judge to be charged and/or a bail hearing.

Right, but that doesn't stop us from making wild assumptions and overreacting in the meantime.

Re:What was he arrested for?

[CanHasDIY]

Generally, in the US, when a person is arrested, they're charged with something.

So what has he been charged with? Anything? Or is this yet another 'parallel construction' situation?

Re:What was he arrested for?

[b0bby]

... no one seems to know.

Well, TFA gives a likely reason:

A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role "in creating and distributing the Kronos banking Trojan."

Re:What was he arrested for?

[jfdavis668]

In the US, the person arrested is told of the charges. The charges will also be told to his legal representation. It is not broadcasted to the news.

Re:What was he arrested for?

Probably some made up charges and resisting arrest.

Re:What was he arrested for?

unless you wanted to visit gitmo.

Re:What was he arrested for?

[JoelKatz]

I don't think it's illegal to create malware though. That seems to be the only overt act they accuse him of in the indictment. So, assuming he did in fact write it, it will come down to whether the government can prove that he conspired to sell and distribute it based on more than just accusations from his alleged co-conspirator.

Imagine you wrote some malware and I took it from you and sold it. If I was arrested, I would offer to give up the person who created it in exchange for something. Then I'd point to you and swear up and down that I have an agreement with you, whether or not it's true.

So, the big question: Assuming he wrote the malware, other than the word of his co-conspirator (who obviously wants someone to share the blame), is there any evidence he conspired to sell it?

Re:What was he arrested for?

The USA, the place where you are allowed to bear an AK47 while shopping but kinder forbidden and so many books are censored. If NSA/FBI use kronos then this is considered as a weapon. But when it come to this guy, the right to bear arms is not applicable. In USA, the laws are not the same for everybody,

Re:What was he arrested for?

[Dread_ed]

None of those books are censored in the US now. Silly git.

Re:What was he arrested for?

[Megol]

Take that parallel construction and shove it! Do you know what it describes? Do you understand that using it without a proper context and without any reason you sound like a conspiracy nut without a clue?

Waited a while before posting the above. I'll not change anything as I stand by it but you shouldn't necessarily take it 100% seriously...

Re:What was he arrested for?

[Megol]

Scarily no, that's not the case anymore. Guantanamo, secret courts and a lot of other crap new and old (like holding a person as suspect of something obviously false until a case can be built up) means the US legal system can't be trusted.

Re: What was he arrested for?

Stop talking out of your tailpipe. Charges are public information. Case in point is that the indictment against him has now been reported.

Re:What was he arrested for?

[CanHasDIY]

Take that parallel construction and shove it! Do you know what it describes? Do you understand that using it without a proper context and without any reason you sound like a conspiracy nut without a clue?

Waited a while before posting the above. I'll not change anything as I stand by it but you shouldn't necessarily take it 100% seriously...

Meth is a hell of a drug.

Re:What was he arrested for?

[CanHasDIY]

As stated by an AC, criminal charges in the US are public information, unless the person charged is under the age of 18.

So if he was charged with a crime, that information should be accessible by anyone.

Good

If you WannaCry, go ahead and cry. Don't keep it bottled up inside.

Re:Good

It's my party and I'll cry if I want to.

Whoa

mind blown, what is going on!?

Re:Whoa

mind blown, what is going on!?

Sara said she wants to talk to me tomorrow night. Said she wants to get dinner, so I think she wants to be somewhere public when she leaves me. I hope she doesn't try to keep Schmitty. I'm sure the kids will go with her since courts never side with the dad.

Aside from all that everything else is OK. I mean I'm healthy and my job is going OK.

What is going on with you?

Re:Whoa

[kwbauer]

Nice one. Well done.

Recruiting

[budsetr]

They probably just recruited him to help thwart a Decepticon attack. Where did this boom-box come from?

Re:What's what!? A tinfoil hat conspiracy!

[amigabill]

Allegedly did X. But the tinfoil hatters will say that he foiled the NSA/CIA/FBI/HS plan to both infiltrate everyone's computers and to make a few bucks in the process.

Will be interesting reading either way...

WannaCry was an Spook Sponsored Virus

[DatbeDank]

The real reason he was arrested was because the security agencies were using the malware to actively try and discredit Bitcoin by dropping a massive software leak on the entire world. Had more people opted to "pay" the ransom, it would have offered proof to the powers that be that cryptocurrencies are dangerous and convertibility into real fiat should be banned.

Will such proof stop bitcoin? No, but making it more difficult to convert from BTC to fiat will drive the price way down south.

He was arrested because he foiled their plans.

Re:WannaCry was an Spook Sponsored Virus

[omnichad]

That sounds so credible.

Re:WannaCry was an Spook Sponsored Virus

The the indictment, this Kronos malware goes back to 2014. Which mean, an updated version included the new exploit and hence WannaCry was born.

If the NSA created the "warhead", then he replicated and used it to specifically cause indiscriminate harm. He didn't have too, but that was the path he (allegedly) chose.

If the above is true, he's fucked!

Re:WannaCry was an Spook Sponsored Virus

You might want to adjust your hat, the tinfoil is showing.

Re:WannaCry was an Spook Sponsored Virus

[dbIII]

Something slightly more credible is that because there are so many fucking spooks on the payroll there's at least one vindictive bastard who saw the chaos of "Wannacry" as a way to get a bigger budget, and when the expected crisis didn't happen they decided to take it out on the guy who turned "Wannacry" into a non-event.
You don't have to engineer a crisis to profit from it (as the cynical and expensive security theatre after 9/11 shows).

Re:WannaCry was an Spook Sponsored Virus

[Megol]

I think I spot a logical hole there with a larger diameter than that of Mr. Goatse.cx, how about you run away and play with the other nuts at abovetopsecret?

Re:WannaCry was an Spook Sponsored Virus

[Megol]

It's not tinfoil - it's his overconsumption of colloidal silver showing.

Re:WannaCry was an Spook Sponsored Virus

[Zemran]

The exchange he was using had already closed his account so that ransom payments could not be made.

Re:WannaCry was an Spook Sponsored Virus

You should probably lay off the Koolade for a while.

Job offer.

[WolfgangVL]

He probably refused a job while in Vegas, and now they need to make good on the "or else" clause that came with it. I wonder what they are offering him now instead of what they offered before.

Re:Job offer.

5 to ten with complimentary lube?

Indicted for involvement with Kronos trojan

https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html

Man stops a tool created by the N$A

Is it really all that much of a surprise that he gets arrested? One of two things: he gets a job or he disappears.

Needs more time to develop

I'm usually the first one to put on my tinfoil hat and throw around accusations about government agencies, but I'll need more information on this one. It's possible that Marcus is both the good guy and the bad guy in this situation.

Swordfish is a ridiculous movie

But there was an insightful bit: The German/Finnish hacker who is initially hired to do the job is caught at the airport, and during the interrogation he is asked: Why would the number one hacker in the world risk life imprisonment by coming into the continental US?
So that's the question I have. Why would a "security researcher" enter the United States of America? What is the expectation there?

Snark is..

[s.petry]

Lost on you...

Pedantry

[Tenebrousedge]

"Begging the question" is a bad translation of petitio principii, which is itself a bad translation from Greek sources. Linguistically there isn't really a right answer here. The exact meaning is almost always clear from context, and the usage is very much moving away from the "scholarly" definition. Given that there's not an absolutely correct position on this issue, I think that it's best to avoid using the phrase oneself, and tolerate its use or misuse with others. And if the argument you are responding to does not directly hinge on a point of meaning, it's probably just as well to avoid raising the subject. Life is too short for needless semantic arguments.

Re:Pedantry

...needless semantic arguments

I disagree that semantic arguments, in general, are ever needless. Without semantics, no one would have any idea what anyone else meant, word salad for all. It is a terrible counter-argument to dismiss someone's argument because of semantics. Semantics are paramount to communication.

Also, using "begs the question" beyond it's logical meaning is just silly, literally. No one is ever really even remotely "begging" anything: "hey, on my knees, what you just said makes me wanna ask this other question!" Think about that. If "begging the question" does not mean petitio principii, taking it literally makes the speaker sound like a lunatic. Rather, the misuser is likely attempting to pad their comment with "logical sounding" rhetoric without actually understanding they are misusing the commonly understood and used (among the educated) meaning of the phrase.

I understand language evolves. But we should not allow our language to be held prisoner and be changed by those that don't really understand how to use it. Call it some other language, but don't mess with mine so thoughtlessly by surrendering how to use it so easily and rapidly to those actually using it incorrectly.

Re:Pedantry

This is the sort of blissfully rational post that will never ever receive a single upvote on Slashdot, and thus is unlikely to be read by people.

-Love, Legal.Troll (permanent -1 Karma because most Slashdot readers are idiots)

How dare they sully Bitcoins good name!

My understanding is that prior to WannaCry Bitcoin was primarily used for church tithings and to help Sarah McLachlan save those poor, poor dogs. I'm glad you brought this travesty to the Internet's attention. Now the only thing that I have to give Sarah is my body, I'll just have to take that bullet.

Re:Interfering with Russian hacking.

quid pro quo donnie, Quid pro quo

So this is how it goes down...

You work for us or you go to jail. Thank you NSA grade 5.3 Marcus Hutchins.

No Extradition

[simpz]

Surely if the US authorities had enough evidence they would have requested (and got) his extradition from the UK ages ago. Why wait until he is in the US?

Re:No Extradition

[LostOne]

Because it is significantly cheaper and easier to wait for someone to be on your own territory where your laws are sovereign than to try to get foreign state which has different laws to cooperate. Even a friendly foreign state. Extradition is often a complex mess and often requires, among other things, the party requesting extradition to demonstrate that the alleged crime actually is illegal in the juridiction being asked to extradite.

Re:No Extradition

[simpz]

I know extradition is hard but doing this doesn't say we are *that* bothered by his crime.

He committed a crime so heinous that we aren't even going to try to extradite we are just going to brood over it on the off chance he enters the country.

Re:No Extradition

[Martin+S.]

He can only be extradited from the UK to US if he has been charged.

He cannot be extradited from the UK as a material witness or just a suspect just to face a grand jury. That would be considered an abuse of process.

Re:No Extradition

[coofercat]

Aside from the legal hoops you'd have to jump through, it would alert him to their intent and allow him to build a case against them. Just because the US requests extradition doesn't mean it happens every single time (although I'll grant you, it's closer to a formality between the UK and US than it probably should be). This way, he didn't know a thing about it, and they've arrested him and have 100% control over him - the UK can piss right off.

Right now, UK diplomats are talking to US diplomats about this. They're asking for a comfier prison cell, faster proceedings, lesser sentences, serve his time in the UK etc etc. The US is by far the larger of the negotiating parties and has probably said "okay, we'll send him another blanket, but that's all you're getting".

Whatever their reasoning, they've got him and won't be letting go anytime soon. An example must be made, whether real or not. Someone must pay, ideally a foreigner, but under no circumstances must any responsibility be taken for any of it.

Something fishy...

[MotoRyan]

This is crazy. Wonder if it is retaliation or if he was really involved? If he was involved, why did he go through all of the trouble to put himself in the public view? The guy did an AMA just 2 months ago: https://www.reddit.com/r/IAmA/... AND he attends Defcon? Something is fishy...

Re:Something fishy...

It is called "hiding in plain sight"

WannaCry?

This can't be just for stopping the WannaCry virus, right? I guess if you stretch the law really far, registering this domain can be seen as "interfering with a protected computer system" since it alters the working of the virus installed on the computer, but certainly no-one would be that idiotic?

I think he is wanted for something else. I really hope so at least.

More from the Register

[Martin+S.]

The Register reporting that asking for a sample of Kronos on twitter is the smoking gun for this grand jury indictment.

https://www.theregister.co.uk/...

Re:More from the Register

[Martin+S.]

The original offer for sale of Kronos was in Russian natural language so not machine translated. There is no evidence that Marcus speaks or writes Russian. Miss-direction is possible, but that doesn't fit with the relative lack of sophistication of Kronos.

Language evolves

[Martin+S.]

The modern usage has evolved and clearly understood by most. Those complaining on that basis are demonstrating an inability to adapt.

Re:Language evolves

[Megol]

Yes it's understood by most. The problem is that begging the question really means another thing than most think it does - a thing that is hard to describe without using the phrase. So the problem isn't one of a language evolving rather than devolving, the common use of the phrase now hinders the proper* use meaning it's harder to express the original meaning. And there's no reason as the phrase people really want to express already exist, is just one extra letter and is more logical (the use of "begs" needs some strange definition of the word to make it fit).

(* well a language is a democratic thing so the proper use isn't decided by some language god somewhere...)

Re: Language evolves

Eating shit because you're too lazy to cook real food or to buy it is not adapting to anything: it's eating shit and smelling like it too.

Def Con Toronto

[uvajed_ekil]

No problem, we'll just hold Def Con in Toronto form now on if Vegas doesn't want us. Not the same casino scene, but literally everything else is better there.

Python Pedantry

Life is too short for needless semantic arguments.

No, it isn't !

Re:Python Pedantry

There should be no space between the "t" and the "!".

Grey hat?

[LordWabbit2]

So he's a grey hat, not surprised, what's that saying again??? [Googles..]

"He who fights with monsters should be careful lest he thereby become a monster. And if thou gaze long into an abyss, the abyss will also gaze into thee." - Nietzsche

Maybe I should make that my sig?